DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which allows man-in-the-middle attackers to spoof servers and read encrypted domain credentials via a crafted certificate.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://technet.microsoft.com/security/advisory/2862152 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: microsoft
Published: 2013-11-16T02:00:00Z
Updated: 2024-09-16T20:36:42.576Z
Reserved: 2013-06-03T00:00:00Z
Link: CVE-2013-3876
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-11-18T03:55:05.680
Modified: 2024-11-21T01:54:27.963
Link: CVE-2013-3876
Redhat
No data.